Hello. Private-equity investors are well aware of cyber risk in their portfolio companies but they might not be doing enough about it.

Just 70% of PE firms conduct cyber due diligence on every acquisition, pre-deal, according to new research from S-RM Intelligence and Risk Consulting, which surveyed 100 PE firms in the U.S., Europe, Middle East and Africa. This surprises me. Not 100%? And 4% said they never conduct such inquiries.

On a related note, as we recently covered, startups are a prime target for hackers because of the deep pockets of their venture investors. 

There’s a bigger role for VC and PE to play in improving the defenses of the businesses they want to profit from.

Other news:

• Texas flood prompts scams
• Qantas said hacker made contact
• Major Massachusetts health plan data breached
• Could you be NASA's next CISO?

Qantas says hacker made contact. The Australian airline, one of whose call centers was breached last week, didn't provide details of the contact, saying it is working with the Australian Federal Police.

• The personal data of up to six million Qantas customers could have been stolen. (Reuters)
• "This week, we will be in a position to update impacted customers on the types of their personal data that was contained in the system. This will confirm specific data fields for each individual, which will vary from customer to customer," the company said Monday.

Healthcare data at risk after hack on a contractor's business partner's software. Patients of Blue Cross Blue Shield of Massachusetts are being notified that their data was breached when the file-transfer software used at a direct-mail marketing company was exploited. Cierant, a marketing company that sends letters for the Massachusetts health plan, said it discovered in December that its Cleo VLTrader file-transfer tech was hacked, exposing the data. 

• Cierant has stopped using the Cleo software, it said in a letter to state regulators.
• Information at risk, Cierant said in a notice on its website, can include: name, address, date of birth, treatment-related dates, a generic description of services received, provider name, medical record number, health plan beneficiary number, claims number, plan member account number and premium information.

The WSJ Pro Cybersecurity team is Deputy Bureau Chief Kim S. Nash and reporters Angus Loten, James Rundle and Catherine Stupp. Follow us on X @WSJCyber. Reach the team by replying to any newsletter you receive or by emailing Kim at kim.nash@wsj.com.